Structs2 prevents repeated submission of token and structs2token

Source: Internet
Author: User

Structs2 prevents repeated submission of token and structs2token
I. Introduction

Struts2 uses the token Interceptor to check whether the form is submitted repeatedly. It adopts the synchronous token method.

Synchronous token: the server compares the token value contained in the request with the token value saved in the current user session to check whether the request matches. After the request is processed and the reply is sent to the client, a new token will be generated. In addition to sending the token to the client, the old token saved in the user session is also replaced. In this way, if the user goes back to the submission page and submits the request again, the token sent from the client is inconsistent with the token sent from the server, effectively preventing repeated submission.


Implementation Method:
1) token
The token interceptor intercepts the request. If it is a duplicate request, it is directed to the Result named invalid. token.
2) tokenSession
The only difference between the tokenSession interceptor and the token interceptor is that after judging a request as a duplicate request, it is not immediately redirected to the request named invalid. the Result of the token, but first blocks the repeated request until the browser responds to the initial normal request, then you can jump to the Result after processing the normal request.

Ii. token tag
<Package name = "money" namespace = "/money" extends = "struts-default"> <action name = "transfer" class = "com. meetcomet. action. transferAction "> <interceptor-ref name =" defaultStack "/> <! -- Use the token interceptor --> <interceptor-ref name = "token"/> <! -- Output page after interception --> <result name = "invalid. token ">/index. jsp </result> <result name = "success">/welcome. jsp </result> </action> </package>

Enter index. jsp

<S: form action = "transfer" namespace = "/money"> <! --- Token tag ---> <s: token> </s: token> <! --- This label is used to display the error of action. Because this label is set to return to this page after interception, --> <s: actionerror/> <s: textfield label = "Amount" name = "amount" value = "100"/> <s: submit value = "Transfer money"/> </s: form>

There is nothing special about Action. To keep it running for a long time, you can easily submit it again,

public String execute() throws Exception {        Thread.sleep(2000); // to simulate processing time        return SUCCESS;    }

Debugging problem: the token tag does not seem to have any function.

This should be caused by abnormal tomcat deployment. Redeploy to ensure that there is no error during tomcat deployment.

Iii. tokenSession Mode
<action name="transfer2"  class="com.meetcomet.action.transferAction">            <interceptor-ref name="defaultStack" />            <interceptor-ref name="tokenSession" />            <result name="success">/welcome.jsp</result> </action>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.